17 matches found
EUVD-2023-53821
Malicious code in bioql PyPI...
CVE-2024-57969
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search...
CVE-2024-54674
app/View/GalaxyClusters/clusterexportmispgalaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format...
MISP cross-site scripting vulnerability (CNVD-2023-9749884)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP versions prior to 2.4.179. The...
CVE-2023-28884
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index...
PT-2023-21843 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.169 Description: The issue allows for XSS via the event-graph relationship tooltip in the js/event-graph.js file. Recommendations: For versions prior to 2.4.169, update to version 2.4.169 or later to resolve the iss...
PT-2022-19679 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158 Description: An issue was discovered in MISP, where there is stored XSS via the LinOTP login field. Recommendations: For versions prior to 2.4.158, update to version 2.4.158 or later to resolve the issue. As a...
MISP Information Disclosure Vulnerability (CNVD-2021-33248)
MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. An information disclosure vulnerability exists in app/Model/MispObject.php in MISP version 2.4.141. The...
MISP Cross-Site Scripting Vulnerability (CNVD-2021-06525)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates from...
MISP cross-site scripting vulnerability (CNVD-2021-06526)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates in...
CVE-2021-25325
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...
MISP ACL Check Missing Vulnerability
MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. An ACL checking deficiency vulnerability exists in MISP versions prior to 2.4.135 related to...
CVE-2020-29006
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php...
MISP Cross-Site Scripting Vulnerability (CNVD-2020-66576)
MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the template element index view in MISP 2.4.134. The...
MISP Cross-Site Scripting Vulnerability (CNVD-2021-08165)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the app/View/Events/resolvedattributes.ctp...
MISP app/Controller/ServersController.php file OS command injection vulnerability
MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. A security vulnerability exists in the app/Controller/ServersController.php file in MISP version 2.4.87. An...
CVE-2018-6926
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems where rhshellfix was enabled, and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by th...